Gathering detailed insights and metrics for serverless-prune-plugin
Gathering detailed insights and metrics for serverless-prune-plugin
Serverless Framework plugin to reap unused versions of deployed functions from AWS
Installations
npm install serverless-prune-pluginScore
61.8
Supply Chain
97.8
Quality
78.6
Maintenance
100
Vulnerability
98.3
License
Releases
27
Developer
claygregory
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
Typescript Support
No
Node Version
NPM Version
Statistics
364 Stars
117 Commits
35 Forks
9 Watching
2 Branches
11 Contributors
Updated on 19 Nov 2024
Languages
JavaScript (100%)
Total Downloads
Cumulative downloads
Total Downloads
55,959,102
Last day
-4.1%
55,676
Compared to previous day
Last week
2.8%
301,440
Compared to previous week
Last month
7.4%
1,260,881
Compared to previous month
Last year
1.2%
14,740,017
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Peer Dependencies
1
Versions
Serverless Prune Plugin
Following deployment, the Serverless Framework does not purge previous versions of functions from AWS, so the number of deployed versions can grow out of hand rather quickly. This plugin allows pruning of all but the most recent version(s) of managed functions from AWS. This plugin is compatible with Serverless 1.x and higher.
Installation
Install with npm:
1npm install --save-dev serverless-prune-plugin
And then add the plugin to your serverless.yml file:
1plugins: 2 - serverless-prune-plugin
Alternatively, install with the Serverless plugin command (Serverless Framework 1.22 or higher):
1sls plugin install -n serverless-prune-plugin
Usage
In the project root, run:
1sls prune -n <number of version to keep>
This will delete all but the n-most recent versions of each function deployed. Versions referenced by an alias are automatically preserved.
Single Function
A single function can be targeted for cleanup:
1sls prune -n <number of version to keep> -f helloWorld
Region/Stage
The previous usage examples prune the default stage in the default region. Use --stage and --region to specify:
1sls prune -n <number of version to keep> --stage production --region eu-central-1
Automatic Pruning
This plugin can also be configured to run automatically, following a deployment. Configuration of automatic pruning is within the custom property of serverless.yml. For example:
1custom: 2 prune: 3 automatic: true 4 number: 3
To run automatically, the automatic property of prune must be set to true and the number of versions to keep must be specified.
It is possible to set number to 0. In this case, the plugin will delete all the function versions (except $LATEST); this is useful when disabling function versioning for an already-deployed stack.
Layers
This plugin can also prune Lambda Layers in the same manner that it prunes functions. You can specify a Lambda Layer, or add the flag, includeLayers:
1custom: 2 prune: 3 automatic: true 4 includeLayers: true 5 number: 3
Dry Run
A dry-run will preview the deletion candidates, without actually performing the pruning operations:
1sls prune -n <number of version to keep> --dryRun
Additional Help
See:
1sls prune --help
Permissions Required
To run this plugin, the user will need to be allowed the following permissions in AWS:
lambda:listAliaseslambda:listVersionsByFunctionlambda:deleteFunctionlambda:listLayerVersionslambda:deleteLayerVersion
Common Questions
How do I set up different pruning configurations per region/stage?
Several suggestions are available in this thread.
Can I just disable versioning entirely?
Absolutely. While Serverless Framework has it enabled by default, versioning can be disabled.
License
Copyright (c) 2017 Clay Gregory. See the included LICENSE for rights and limitations under the terms of the MIT license.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: MIT License: LICENSE.md:0
Reason
10 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 9
Reason
dependency not pinned by hash detected -- score normalized to 5
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/claygregory/serverless-prune-plugin/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/claygregory/serverless-prune-plugin/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/claygregory/serverless-prune-plugin/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/claygregory/serverless-prune-plugin/test.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/claygregory/serverless-prune-plugin/test.yml/master?enable=pin
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 2 out of 2 npmCommand dependencies pinned
Reason
5 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Reason
Found 1/9 approved changesets -- score normalized to 1
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 22 are checked with a SAST tool
Score
4.2
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More